WhatsApp Patches Privacy Flaw in ‘View Once’ Feature After Zengo Discovery

Privacy flaw exposing user status updates to strangers remains unresolved despite being reported months ago

  • WhatsApp has fixed a security flaw in its View Once feature that allowed unauthorized access to disappearing media.
  • Crypto wallet startup Zengo discovered the vulnerability in August 2023 through their web app research.
  • The initial patch by WhatsApp did not fully resolve the security issue.
  • Meta’s latest update prevents unauthorized devices from accessing View Once messages.
  • Security researchers indicate potential remaining vulnerabilities in sender devices.

WhatsApp Patches Major Privacy Vulnerability in Disappearing Media Feature

- Advertisement -

Meta’s messaging platform WhatsApp has implemented a comprehensive fix for a security vulnerability in its View Once feature, addressing a flaw first identified by cryptocurrency wallet provider Zengo in August 2023. The patch comes after months of security concerns about the privacy of supposedly self-destructing media content.

Technical Vulnerability Details

The security flaw, documented by Zengo’s research team, revealed that WhatsApp’s View Once feature could be bypassed through the platform’s web application. The feature, designed to automatically delete media files after a single viewing, failed to enforce restrictions at the API server level.

Zengo’s co-founder Tal Be’ery explained: "When we looked into the implementation details we were very surprised to find that although ‘View Once’ is meant to be limited to platforms in which the app can control its displayed content and prevent other processes from abusing it, it is not enforced by WhatsApp’s API server."

Remaining Security Considerations

While the new update represents a significant improvement, Be’ery notes persistent security concerns:

  • Sender devices still retain access to View Once messages
  • Potential forensic extraction risks remain
  • Increased attack surface due to message availability on multiple sender devices

The discovery emerged from Zengo’s research into messaging platforms as part of their development of Multi-Party Computation (MPC) cryptocurrency wallet technology. The company’s technical team constructed an unofficial WhatsApp client based on open-source web client implementation to demonstrate the vulnerability.

Meta’s response included an initial patch that proved insufficient, followed by the current more comprehensive solution that prevents unauthorized devices from accessing View Once messages, though security experts maintain that additional improvements could further enhance user privacy.

- Advertisement -

✅ Follow BITNEWSBOT on Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest

Congress Debates Stablecoin Bill Amid Rising Bank and Crypto Tensions

U.S. lawmakers are moving forward with the Senate Guiding and Establishing National Innovation for U.S. Stablecoins (GENIUS) Act, with debates set to resume after...

American Engineer Drugged, Robbed in Sophisticated London Crypto Heist

An American software engineer lost approximately $123,000 in cryptocurrency after being drugged and robbed in London.The victim was targeted by an impersonator posing as...

Max Keiser Doubts New Bitcoin Treasuries’ Discipline in Bear Market

Bitcoin-focused companies are increasingly copying the treasury strategy used by Michael Saylor's Strategy.Max Keiser raised doubts about whether these newer companies can maintain commitment...

South Korea Election Puts Crypto Policy at Center of Debate

Nearly one-third of South Koreans hold digital assets, making crypto a vital issue in the upcoming presidential election.Both major parties support crypto exchange-traded funds...

Scottsdale Residents Lose $6M to Crypto Scams; Police Respond

Scottsdale residents have reported losing over $6 million to cryptocurrency Scams in 2024.Authorities say actual losses could be higher, as not all cases are...

Must Read

Top 9 Most Legit Bitcoin Faucets

Bitcoin faucets are platforms where you can earn Bitcoin free. Some other faucet apps and websites allow users to receive different cryptocurrencies for free....